On Tue, 2008-07-22 at 14:53 +0200, Joachim Steiger wrote:
> jfyi... try finding out WHY mozilla does trust verisign and not
> ca-cert... the result is quite unfunny and can be described in short as
> 'when mozilla still was netscape4, verisign had a suitcase of money with
> them to get their ca in there'.
> so its not about trust, its about money. simple as that.
This is not true, see mozilla website:
"We will not charge any fees to have a CA's certificate(s) distributed
with our software products." [1]
No security is perfect, we would have to move back to to tiny villages
where we know each other from birth till death for near perfect
authentication.
Having trusted signatures in my browser preinstalled makes lots of
sense, as it makes a man-in-the-middle-attack a lot more difficult.
[1] http://www.mozilla.org/projects/security/certs/policy/